>>>>> "*Hobbit*" == *Hobbit* <hobbit@bronze.lcs.mit.edu> writes: *Hobbit*> Why is everyone so hot on bumping up buffer sizes, as *Hobbit*> opposed to sanitizing and limiting the input TO them? *Hobbit*> Christ, it seems so OBVIOUS in light of this Sendmail *Hobbit*> thing. I think it's important to support ridiculously long URLs; arbitrarily small URL length limits stop you from being able to accumulate session state in the URL, which is a nice thing to be able to do. In most web applications, the state that is kept (like input to queries) is small; I have some applications that need a lot more. Proper and careful use of dynamic string libraries is in any case better than fixed-size buffers; they solve the security problem (with overflows) and they do not inhibit functionality, as do fixed-size buffers. -Rens